<?php
	session_start();
	include("load-settings.php");

	if(!isset($_SESSION['user']))
		die;
		//header("Location: login.php");

	$user = $_SESSION['user'];

	$result = mysql_query("SELECT * FROM user WHERE id = $user");
	$row = mysql_fetch_array($result);
	$access = $row['type'];

	$ticket = mysql_real_escape_string($_POST['ticket']);

	$result = mysql_query("SELECT * FROM ticket WHERE id = $ticket") or die(mysql_error());
	$row = mysql_fetch_array($result);

	$pass = false;

	if($user == $row['user'])
		$pass = true;
	else if($access == 2)
		$pass = true;
		
	if(!$pass)
		die;
		//header("Location: home.php");

	$message = mysql_real_escape_string($_POST['msg-box']);
	
	mysql_query("INSERT INTO ticket_chat (user, message, timestamp, ticket) VALUES ($user, '$message', ".time().", $ticket)");

	//header("Location: ticket.php?id=".$ticket);
?>